]>
git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Cluster.pm
1 package PVE
::API2
::Firewall
::Cluster
;
5 use PVE
::Exception
qw(raise raise_param_exc raise_perm_exc);
6 use PVE
::JSONSchema
qw(get_standard_option);
9 use PVE
::API2
::Firewall
::Rules
;
10 use PVE
::API2
::Firewall
::Groups
;
11 use PVE
::API2
::Firewall
::IPSet
;
15 use Data
::Dumper
; # fixme: remove
17 use base
qw(PVE::RESTHandler);
19 __PACKAGE__-
>register_method ({
20 subclass
=> "PVE::API2::Firewall::Groups",
24 __PACKAGE__-
>register_method ({
25 subclass
=> "PVE::API2::Firewall::ClusterRules",
29 __PACKAGE__-
>register_method ({
30 subclass
=> "PVE::API2::Firewall::ClusterIPSetList",
34 __PACKAGE__-
>register_method({
38 permissions
=> { user
=> 'all' },
39 description
=> "Directory index.",
41 additionalProperties
=> 0,
49 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
56 { name
=> 'options' },
65 my $option_properties = {
71 description
=> "Input policy.",
74 enum
=> ['ACCEPT', 'REJECT', 'DROP'],
77 description
=> "Output policy.",
80 enum
=> ['ACCEPT', 'REJECT', 'DROP'],
84 my $add_option_properties = sub {
85 my ($properties) = @_;
87 foreach my $k (keys %$option_properties) {
88 $properties->{$k} = $option_properties->{$k};
95 __PACKAGE__-
>register_method({
96 name
=> 'get_options',
99 description
=> "Get Firewall options.",
101 additionalProperties
=> 0,
105 #additionalProperties => 1,
106 properties
=> $option_properties,
111 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
113 return PVE
::Firewall
::copy_opject_with_digest
($cluster_conf->{options
});
117 __PACKAGE__-
>register_method({
118 name
=> 'set_options',
121 description
=> "Set Firewall options.",
124 additionalProperties
=> 0,
125 properties
=> &$add_option_properties({
127 type
=> 'string', format
=> 'pve-configid-list',
128 description
=> "A list of settings you want to delete.",
131 digest
=> get_standard_option
('pve-config-digest'),
134 returns
=> { type
=> "null" },
138 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
140 my (undef, $digest) = PVE
::Firewall
::copy_opject_with_digest
($cluster_conf->{options
});
141 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
143 if ($param->{delete}) {
144 foreach my $opt (PVE
::Tools
::split_list
($param->{delete})) {
145 raise_param_exc
({ delete => "no such option '$opt'" })
146 if !$option_properties->{$opt};
147 delete $cluster_conf->{options
}->{$opt};
151 if (defined($param->{enable
})) {
152 $param->{enable
} = $param->{enable
} ?
1 : 0;
155 foreach my $k (keys %$option_properties) {
156 next if !defined($param->{$k});
157 $cluster_conf->{options
}->{$k} = $param->{$k};
160 PVE
::Firewall
::save_clusterfw_conf
($cluster_conf);
165 __PACKAGE__-
>register_method({
166 name
=> 'get_macros',
169 description
=> "List available macros",
171 additionalProperties
=> 0,
179 description
=> "Macro name.",
183 description
=> "More verbose description (if available).",
194 my ($macros, $descr) = PVE
::Firewall
::get_macros
();
196 foreach my $macro (keys %$macros) {
197 push @$res, { macro => $macro, descr
=> $descr->{$macro} || $macro };